Linux rootless docker host.docker.internal IP

Which version of podman?

I tried Podman 3.4.4 which is the one I could install from the Ubuntu 22.04 APT repository. It seems it works about the same way as Docker, except it does not have an internal DNS server as Docker Desktop does, but adds the host.containers.internal domain to the hosts file inside the container and the hostname points to the gateway of the container. It works only when you run the podman command as root. Otherwise podman uses the same network mode as rootless Docker called “slirp4netns”.

If you run

ps auxf

and search for slirp4netns in the output, you will find something like this when you run a container as a non-root user:

/usr/bin/slirp4netns --disable-host-loopback ...

Rootless Docker uses Rootlesskit, which is from the same repo owner on GitHub as slirp4netns, which is also used by rootlesskit.

This does not allow users to access the host using the container gateway regardless of what you use, Docker or Podman. So host.containers.internal works only as root. Maybe later versions do support it without root, I don’t know. If you share which version of Podman you are using, I can check it.

About the host network:

It looks like Podman supports accessing ports on the host when using host network, because then it just runs the container without an additional security layer like rootlesskit. I’m not saying it is bad, it is just different. slirp4netns has the --disable-host-loopback flag I quoted before. I have read that it is supposed to disable access to loopback interfaces for security reasons. You can change it in rootlesskit (instructions are at the beginning of dockerd-rootless.sh), but it was not enough for me as it is still indeed in a network namespace, so I’m not sure why this flag is supported. Probably because there are other parameters as well, like changing the network mode from slirp4netns to host or other possible values. I didn’t have time to try so I don’t know what it would do exactly, but it would be set for all containers and without the root user you probably have no right to manipulate host networks without a network namespace, so it could mean you could run containers only on the host network with your user.

The “hacky way” you used could easily be the best way in the end. Or you would need to set up a DNS server somewhere which resolves a hostname to your host IP.

I don’t see any problem with your solution even if an officially supported way would be better. Docker and compose can do many things, but not always enough and sometimes we need to write scripts and generate compose files or commands from a template.

I will save this topic as a bookmark and I will play with rootlesskit more. If I find out something, I will share. Until that, you can learn more about rootlesskit and keep your hacky way if you don’t find a better solution.

If you used rootless Docker only to run containers in a user namespace, you can enable user namespaces in Rootful Docker as well and you could use the host-gateway keyword or implement host.docker.internal per container and per port as I described it here:
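An added check, not part of the original post, that does the same `ps auxf` inspection described above programmatically (is slirp4netns running, and with --disable-host-loopback?) and reads the host.containers.internal entry that rootful Podman writes into the container's hosts file. The ps output and hosts file contents below are constructed samples, not real captures.

```shell
# classify_slirp: read ps-style lines on stdin and print one of
#   rootless:host-loopback-disabled  (slirp4netns with --disable-host-loopback)
#   rootless:host-loopback-enabled   (slirp4netns without the flag)
#   no-slirp4netns                   (e.g. rootful daemon, or host network)
# Only real slirp4netns commands count; "rootlesskit --net=slirp4netns" is ignored.
classify_slirp() {
  awk '
    /(^|[[:space:]]|\/)slirp4netns([[:space:]]|$)/ {
      found = 1
      if ($0 ~ /--disable-host-loopback/) disabled = 1
    }
    END {
      if (!found) print "no-slirp4netns"
      else if (disabled) print "rootless:host-loopback-disabled"
      else print "rootless:host-loopback-enabled"
    }'
}

# hosts_lookup NAME: print the first address mapped to NAME in /etc/hosts-style
# content on stdin (comments skipped); prints nothing if the name is absent.
hosts_lookup() {
  awk -v n="$1" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }'
}

# Constructed sample: rootless Docker, as seen by a non-root user.
SAMPLE_PS_ROOTLESS='user 2345 0.0 0.1 rootlesskit --net=slirp4netns --disable-host-loopback ...
user 2346 0.0 0.1  \_ /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 ...'

# Constructed sample: rootful daemon only, no slirp4netns at all.
SAMPLE_PS_ROOTFUL='root 1 0.0 0.0 /sbin/init
root 1234 0.0 0.1 dockerd'

# Constructed sample of a container hosts file written by rootful Podman;
# the gateway address is an assumption, not taken from the post.
SAMPLE_HOSTS='127.0.0.1 localhost
10.88.0.1 host.containers.internal
10.88.0.12 mycontainer'

# Stand-alone run: show both classifications and the resolved host alias.
printf '%s\n' "$SAMPLE_PS_ROOTLESS" | classify_slirp
printf '%s\n' "$SAMPLE_PS_ROOTFUL" | classify_slirp
printf '%s\n' "$SAMPLE_HOSTS" | hosts_lookup host.containers.internal
```

On a real host, replace the constructed samples with `ps auxf` and `cat /etc/hosts` run inside the container.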